Question: How do I prevent user profile fields from being stored in Auth0?
Answer:
If you need to prevent Auth0 from storing certain user profile fields for privacy reasons, you can do so by adding the fields to the connection’s deny list.
For example, if you'd like to prevent the user's picture from being saved in Auth0 when users log in using the Google social connection, you can follow these steps to add the user.picture field to the Google social connection's deny list:
- Get a Management API Access Token. In this example, you can use the token located in the API Explorer tab of the Auth0 Management API page in the dashboard.
- Go to Auth0 Management API v2, click the SET API TOKEN button at the top left, and paste the Access Token.
- Use the GET /api/v2/connections endpoint to get the connection ID for the connection you'd like to update (the Google social connection in this example).
- Use the PATCH /api/v2/connections/{id} endpoint to update the connection, using the connection ID you retrieved in step 3 and the following request body:
  {
    "options": {
      "non_persistent_attrs": ["picture"]
    }
  }
- Test it out! When you log in using the connection you updated, you should no longer see the user's picture saved in Auth0.
Documentation: https://auth0.com/docs/security/denylist-user-attributes
Community Topic: Prevent picture from social identity provider from being saved to user account
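
Added example, not part of the original answer or Auth0's own code: PATCH /api/v2/connections/{id} replaces the whole `options` object, so sending only `non_persistent_attrs` drops the connection's other settings. This Python script reads the current options, merges the deny list into them and sends the full object back; the function names, the tenant domain, the token and the sample connection data are assumptions.

```python
import json
import urllib.request


def merged_options(current_options, deny_attrs):
    """Return a complete options object with deny_attrs added to the deny list."""
    options = dict(current_options or {})          # copy: keep every existing setting
    existing = options.get("non_persistent_attrs") or []
    # Preserve order and drop duplicates so repeated runs are idempotent.
    options["non_persistent_attrs"] = list(dict.fromkeys([*existing, *deny_attrs]))
    return options


def _call(method, url, token, body=None):
    """Send one authenticated Management API request and decode the JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def deny_attributes(domain, token, connection_id, deny_attrs):
    """GET the connection, merge the deny list, PATCH the full options back.

    The token needs the read:connections and update:connections scopes.
    """
    url = f"https://{domain}/api/v2/connections/{connection_id}"
    connection = _call("GET", url, token)
    options = merged_options(connection.get("options"), deny_attrs)
    updated = _call("PATCH", url, token, {"options": options})
    return updated.get("options", {}).get("non_persistent_attrs")


if __name__ == "__main__":
    # Constructed sample of a connection's existing options (not real data).
    sample = {
        "client_id": "constructed-google-client-id",
        "scope": ["email", "profile"],
        "non_persistent_attrs": ["gender"],
    }
    # Offline preview of the body that would be sent in the PATCH request.
    print(json.dumps({"options": merged_options(sample, ["picture"])}, indent=2))
    # Live call (placeholders, supply your own values):
    # deny_attributes("YOUR_TENANT_DOMAIN", "MGMT_API_TOKEN", "CONNECTION_ID", ["picture"])
```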